I wrote similar documentation for work and decided to make it generic enough for others to do this. For all I know there is now some GUI tool that does this; however, I believe it’s best to know what’s going on in the background in order to troubleshoot when something goes wrong.

NTP
First set up NTP, because AD (really Kerberos) relies upon exact time and DNS.

# apt-get install ntp

Change this line in /etc/ntp.conf:

# You do need to talk to an NTP server or two.
server ntp.circus.com

Restart ntp.

# /etc/init.d/ntp restart

Kerberos
Install the Kerberos packages; these will bring some dependencies with them.

Join AD
Please notice the ALL CAPS domain. This is to match your Kerberos realm.

# net ads join -U judson.bishop@CIRCUS.COM

You may have to set up your /etc/samba/smb.conf file first. Also, if you have trouble here, you may have to go into Active Directory and delete this computer, then join it to the domain again. The delete and add may require a new kinit process as well. Sorry I can’t be of more help, but this tip may save you a considerable amount of time.
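A pre-join sanity check for the two things this page says the join depends on, synchronized time and an upper-case realm (added example, not part of the original write-up). The 300-second limit is the Kerberos default clock-skew tolerance and is an assumption about your domain's policy; the ntpq output is a constructed sample and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. MAX_SKEW assumes the Kerberos default tolerance of
# 300 seconds (5 minutes); change it if your domain policy differs.
MAX_SKEW=300

# Read `ntpq -p` output on stdin and print the offset (milliseconds) of
# the selected system peer, the line whose tally character is '*'.
# Fails when no peer is selected, i.e. the clock is not synchronized.
peer_offset_ms() {
    awk '/^\*/ { print $9; found = 1; exit } END { if (!found) exit 1 }'
}

# Succeed only if a peer is selected and |offset| is within MAX_SKEW.
clock_ok() {
    off=$(peer_offset_ms) || return 1
    awk -v o="$off" -v max="$MAX_SKEW" \
        'BEGIN { if (o < 0) o = -o; exit !(o / 1000 <= max) }'
}

# Succeed only if the argument is user@REALM with an all-upper-case realm.
realm_is_upper() {
    realm=${1#*@}
    [ "$realm" != "$1" ] && [ -n "$realm" ] || return 1
    [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]
}

# Constructed sample of `ntpq -p` output (not captured from a real host).
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp.circus.com  192.0.2.10       2 u   33   64  377    0.512   -1.204   0.310
+198.51.100.7    192.0.2.11       2 u   40   64  377    0.700    2.118   0.402'

# On a live host, replace the sample with:  ntpq -p | clock_ok
printf '%s\n' "$SAMPLE_NTPQ" | clock_ok && echo "clock within Kerberos skew"
realm_is_upper judson.bishop@CIRCUS.COM && echo "realm case OK"
```

If clock_ok fails, fix NTP before retrying the join.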

Winbind
Install winbind.

# apt-get install winbind

# /etc/init.d/winbind start

PAM
You need to change all of the “common” files in the directory /etc/pam.d.
Go to that directory and make a backup first, just in case:

# for I in common*; do cp "$I" "$I.sav"; done

These are the files as they are on my test server; the cat just leaves out the comments because some can be verbose.